1. Field
The present disclosure relates generally to identity information, such as identity information that is referred to in certificate revocation lists, that is used by data processing systems to control access to such systems. Still more particularly, the present disclosure relates to updating identity information used by network data processing systems on aircraft and other systems that may have limited access to the sources of such identity information.
2. Background
Modern aircraft are extremely complex. For example, an aircraft may have many types of electronic systems on-board. These systems are often in the form of line-replaceable units (LRUs). A line-replaceable unit is an item that can be removed and replaced from an aircraft. A line-replaceable unit is designed to be easily replaceable.
A line-replaceable unit may take on various forms. A line-replaceable unit on an aircraft may be, for example, without limitation, a flight management system, an autopilot, an in-flight entertainment system, a communications system, a navigation system, a flight controller, a flight recorder, a collision avoidance system, a system to support maintenance functions, or a system to support crew processes. The various line-replaceable units on an aircraft may be parts of an aircraft network data processing system.
Line-replaceable units may use software or programming to provide the logic or control for various operations and functions. Typically, software on an aircraft is treated as one or more separate parts or is combined with a hardware part and is unchangeable without changing the hardware part number. Aircraft software that is treated as an aircraft part may be referred to as a loadable aircraft software part or a aircraft software part. Aircraft software parts are parts of an aircraft's configuration.
Aircraft operators are entities that operate aircraft. Aircraft operators also may be responsible for the maintenance and repair of aircraft. Examples of aircraft operators include airlines and military units. When an aircraft operator receives an aircraft, aircraft software parts may be already installed in the line-replaceable units on the aircraft.
An aircraft operator may also receive copies of loaded aircraft software parts in case the parts need to be reinstalled or reloaded into the line-replaceable units on the aircraft. Reloading of aircraft software parts may be required, for example, if a line-replaceable unit in which the software is used is replaced or repaired. Further, the aircraft operator also may receive updates to the aircraft software parts from time to time. These updates may include additional features not present in the currently-installed aircraft software parts and may be considered upgrades to one or more line-replaceable units. Specified procedures may be followed during loading of a aircraft software part on an aircraft such that the current configuration of the aircraft, including all of the aircraft software parts loaded on the aircraft, is known.
An aircraft operator or other aircraft maintenance entity may perform maintenance operations on an aircraft. Some maintenance operations may be performed by connecting a maintenance device to the aircraft network data processing system. For example, the maintenance device may be a portable computing device, such as a laptop computer. The maintenance device may include software stored on the device that is used to perform various maintenance operations on the aircraft. The maintenance device also may include other software stored on the device.
It is desired that only maintenance devices from approved maintenance entities, including only approved software from trusted software suppliers, be allowed to access the aircraft network data processing system. An unapproved maintenance device may have unapproved software on the maintenance device. Unapproved software may include software that is corrupted, software that is infected with a virus, or other unapproved software. Unapproved software may affect the operation of the aircraft network data processing system in undesired ways if an unapproved maintenance device containing such software is allowed to access the aircraft network data processing system.
Ground-based data processing networks may employ digital certificates in a public key infrastructure to ensure that only approved devices are allowed to access the network. Such digital certificates also may be known as public key certificates or identity certificates. The digital certificates are issued by a certificate authority that is trusted by the network. A data processing device attempting to access the network may present a digital certificate for the device to the network. The digital certificate identifies the data processing device, or the user of that device, to the network in a manner that can be trusted. The network may use the digital certificate to determine whether or not the data processing device will be allowed to access the network.
Current systems and methods for network access control to entirely ground-based computer networks may not be applied effectively to mobile systems, such as aircraft. The particular environment in which network data processing systems on aircraft are operated and maintained makes it difficult or impossible to use such current network access control systems and methods for determining whether a maintenance device or other data processing device should be allowed to access an aircraft network data processing system. This is due partly to the fact that aircraft are often disconnected from back office networks and partly to the conventions for aircraft configuration control that are followed in aircraft maintenance operations.
Accordingly, it would be desirable to have a method and apparatus that takes into account one or more of the issues discussed above as well as possibly other issues.